You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by xu...@apache.org on 2015/09/25 03:40:01 UTC
[23/50] [abbrv] hive git commit: HIVE-11875: JDBC Driver does not
honor delegation token mechanism when readings params from ZooKeeper (Vaibhav
Gumashta reviewed by Jason Dere)
HIVE-11875: JDBC Driver does not honor delegation token mechanism when readings params from ZooKeeper (Vaibhav Gumashta reviewed by Jason Dere)
Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/514ab795
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/514ab795
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/514ab795
Branch: refs/heads/beeline-cli
Commit: 514ab795ffd03a72803f878eac57e3cf82b80045
Parents: 2a65989
Author: Vaibhav Gumashta <vg...@apache.org>
Authored: Mon Sep 21 17:00:24 2015 -0700
Committer: Vaibhav Gumashta <vg...@apache.org>
Committed: Mon Sep 21 17:00:24 2015 -0700
----------------------------------------------------------------------
.../hive/jdbc/ZooKeeperHiveClientHelper.java | 32 ++++++++++++++------
1 file changed, 22 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hive/blob/514ab795/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java
----------------------------------------------------------------------
diff --git a/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java b/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java
index eeb3cf9..4712d2e 100644
--- a/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java
+++ b/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java
@@ -137,20 +137,32 @@ class ZooKeeperHiveClientHelper {
&& !(connParams.getSessionVars().containsKey(JdbcConnectionParams.USE_SSL))) {
connParams.getSessionVars().put(JdbcConnectionParams.USE_SSL, matcher.group(2));
}
- // Set authentication configs
- // Note that in JDBC driver, we have 3 auth modes: NOSASL, Kerberos and password based
- // The use of "JdbcConnectionParams.AUTH_TYPE=JdbcConnectionParams.AUTH_SIMPLE" picks NOSASL
- // The presence of "JdbcConnectionParams.AUTH_PRINCIPAL=<principal>" picks Kerberos
- // Otherwise password based (which includes NONE, PAM, LDAP, CUSTOM)
- if ((matcher.group(1).equals("hive.server2.authentication"))
- && !(connParams.getSessionVars().containsKey(JdbcConnectionParams.AUTH_TYPE))) {
- if (matcher.group(2).equalsIgnoreCase("NOSASL")) {
+ /**
+ * Note: this is pretty messy, but sticking to the current implementation.
+ * Set authentication configs. Note that in JDBC driver, we have 3 auth modes: NOSASL,
+ * Kerberos (including delegation token mechanism) and password based.
+ * The use of JdbcConnectionParams.AUTH_TYPE==JdbcConnectionParams.AUTH_SIMPLE picks NOSASL.
+ * The presence of JdbcConnectionParams.AUTH_PRINCIPAL==<principal> picks Kerberos.
+ * If principal is absent, the presence of
+ * JdbcConnectionParams.AUTH_TYPE==JdbcConnectionParams.AUTH_TOKEN uses delegation token.
+ * Otherwise password based (which includes NONE, PAM, LDAP, CUSTOM)
+ */
+ if (matcher.group(1).equals("hive.server2.authentication")) {
+ // NOSASL
+ if (matcher.group(2).equalsIgnoreCase("NOSASL")
+ && !(connParams.getSessionVars().containsKey(JdbcConnectionParams.AUTH_TYPE) && connParams
+ .getSessionVars().get(JdbcConnectionParams.AUTH_TYPE)
+ .equalsIgnoreCase(JdbcConnectionParams.AUTH_SIMPLE))) {
connParams.getSessionVars().put(JdbcConnectionParams.AUTH_TYPE,
JdbcConnectionParams.AUTH_SIMPLE);
}
}
- // Set server's kerberos principal
- if ((matcher.group(1).equals("hive.server2.authentication.kerberos.principal"))
+ // KERBEROS
+ // If delegation token is passed from the client side, do not set the principal
+ if (matcher.group(2).equalsIgnoreCase("hive.server2.authentication.kerberos.principal")
+ && !(connParams.getSessionVars().containsKey(JdbcConnectionParams.AUTH_TYPE) && connParams
+ .getSessionVars().get(JdbcConnectionParams.AUTH_TYPE)
+ .equalsIgnoreCase(JdbcConnectionParams.AUTH_TOKEN))
&& !(connParams.getSessionVars().containsKey(JdbcConnectionParams.AUTH_PRINCIPAL))) {
connParams.getSessionVars().put(JdbcConnectionParams.AUTH_PRINCIPAL, matcher.group(2));
}